diff --git a/app/redux/UserSaga.js b/app/redux/UserSaga.js
index b8bc45692bd19cc4a71139896d72b93da614d8ac..b5ba4c7262c857140d528d99a8f8818e07e46334 100644
--- a/app/redux/UserSaga.js
+++ b/app/redux/UserSaga.js
@@ -414,7 +414,9 @@ function* uploadImage({payload: {file, dataUrl, filename = 'image.txt', progress
         data = new Buffer(dataBs64, 'base64')
     }
 
-    const bufSha = hash.sha256(data)
+    // The challenge needs to be prefixed with a constant (both on the server and checked on the client) to make sure the server can't easily make the client sign a transaction doing something else.
+    const prefix = new Buffer('ImageSigningChallenge')
+    const bufSha = hash.sha256(Buffer.concat([prefix, data]))
 
     const formData = new FormData()
     if(file) {